In any case, it would be a good idea to be able to encrypt the private keys.
Encrypting private keys in the wallet is already underway in BitCoinJ. It will probably take a cycle for it getting into the apps.
if your phone is rooted (and I would think that the intersection between people rooting their phones and people using bitcoins is not empty), another application is more likely to be able to access the wallet-protobuf content.
Why is that? To my understanding, apps would still need to expoit security bugs, and the mere existence of them is unrelated to wether you have rooted your phone or not.